IAM Role Permissions | Teradata VantageCloud Enterprise on AWS (DIY) - IAM Role Permissions - Teradata® VantageCloud Enterprise on AWS

VantageCloud Enterprise on AWS (DIY) Installation and Administration Guide - 3.2.0.0
Deployment
VantageCloud
Edition
Enterprise
Product
Teradata® VantageCloud Enterprise on AWS
Release Number
3.2.0.0
Published
March 2026
ft:locale
en-US
ft:lastEdition
2026-04-06
dita:mapPath
cnb1751049708013.ditamap
dita:ditavalPath
eps1751058592388.ditaval
dita:id
jnv1467245119674
Product Category
Cloud
The following IAM permissions are required by VantageCloud instances to interact with AWS services.
Permission High Level Purpose
"ec2:DescribeNetworkInterfaces", Deployment, Networking
"ec2:DescribeSubnets", Deployment, Networking
"ec2:CreateNetworkInterface", Deployment, Networking
"ec2:AttachNetworkInterface", Deployment, Networking
"ec2:DetachNetworkInterface", Deployment, Networking
"ec2:ModifyNetworkInterfaceAttribute", Deployment, Networking
"ec2:AssignPrivateIpAddresses", Deployment, Networking
"ec2:UnassignPrivateIpAddresses", Deployment, Networking
"ec2:AllocateAddress", Deployment, Networking
"ec2:AssociateAddress", Deployment, Networking
"ec2:DisassociateAddress", Deployment, Networking
"ec2:CreateTags", Teradata created Tags, monitoring
"ec2:DescribeTags", Teradata created Tags monitoring
"ec2:CreateVolume", EBS storage related
"ec2:ModifyVolume", EBS storage related
"ec2:DescribeVolumes", EBS storage related
"ec2:DescribeVolumeAttribute", EBS storage related
"ec2:DescribeVolumeStatus", EBS storage related
"ec2:DescribeInstances", EC2 compute related, monitoring
"ec2:DescribeInstanceStatus", EC2 compute related, monitoring
"ec2:ModifyInstanceAttribute", EC2 compute related, monitoring
"ec2:CreateImage", System restore image related
"ec2:CopyImage", System restore image related
"ec2:DeregisterImage", System restore image related
"ec2:DescribeImages", System restore image related
"ec2:DeleteSnapshot", System restore image related
"ec2:DescribeSnapshots", System restore image related
"ec2:RunInstances", Deployment, Monitoring
"ec2:TerminateInstances", Deployment, Monitoring
"ec2:StopInstances", Deployment, Monitoring
"ec2:StartInstances", Deployment, Monitoring
"ec2:ReleaseAddress", Deployment, Monitoring, Networking
"ec2:DeleteNetworkInterface", Deployment, Monitoring, Networking
"ec2:CreatePlacementGroup", Deployment
"ec2:DescribePlacementGroups", Deployment
"ec2:DeletePlacementGroup", Deployment
"ec2:CreateSnapshot", System restore image related
"ec2:RegisterImage", System restore image related
"iam:PassRole", Deployment
"iam:GetRole", Deployment
"iam:GetRolePolicy", Deployment
"states:StartExecution", Deployment
"states:StopExecution", Deployment
"lambda:CreateFunction", Deployment,
"lambda:DeleteFunction", Deployment,
"states:CreateStateMachine", Deployment
"states:DeleteStateMachine", Deployment,
"states:ListStateMachines", Deployment,
"lambda:InvokeFunction", Deployment,
"autoscaling:DescribeAutoScalingGroups", Deployment, Node failure Recovery
"autoscaling:DetachInstances", Deployment, Node failure Recovery
"autoscaling:DescribeLaunchConfigurations", Deployment, Node failure Recovery
"autoscaling:AttachInstances", Deployment, Node failure Recovery
"autoscaling:SuspendProcesses", Deployment, Node failure Recovery
"autoscaling:UpdateAutoScalingGroup", Deployment, Node failure Recovery
"autoscaling:CreateAutoScalingGroup", Deployment, Node failure Recovery
"autoscaling:CreateLaunchConfiguration", Deployment, Node failure Recovery
"autoscaling:DeleteLaunchConfiguration", Deployment, Node failure Recovery
"autoscaling:DeleteAutoScalingGroup", Deployment, Node failure Recovery
"autoscaling:DescribeTags", Deployment, Node failure Recovery
"kms:CreateKey", EBS Encryption
"kms:Decrypt", EBS Encryption
"kms:Encrypt", EBS Encryption
"kms:DisableKey", EBS Encryption
"kms:CreateAlias", EBS Encryption
"kms:ListAliases", EBS Encryption
"kms:ScheduleKeyDeletion" EBS Encryption